CVE-2025-38420

wifi: carl9170: do not ping device which has failed to load firmware

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0140d3d37f0f1759d1fdedd854c7875a86e15f8d
https://git.kernel.org/stable/c/8a3734a6f4c05fd24605148f21fb2066690d61b3
https://git.kernel.org/stable/c/527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
https://git.kernel.org/stable/c/bfeede26e97ce4a15a0b961118de4a0e28c9907a
https://git.kernel.org/stable/c/4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
https://git.kernel.org/stable/c/301268dbaac8e9013719e162a000202eac8054be
https://git.kernel.org/stable/c/11ef72b3312752c2ff92f3c1e64912be3228ed36
https://git.kernel.org/stable/c/15d25307692312cec4b57052da73387f91a2e870

Frequently Asked Questions

What is the severity of CVE-2025-38420?
CVE-2025-38420 has not yet been assigned a CVSS score.
How to fix CVE-2025-38420?
To fix CVE-2025-38420, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38420 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38420 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38420?
CVE-2025-38420 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.